Ansible Tower@3.5.0 Security Vulnerabilities and Issues — Ansible Tower@3.5.0 CVE List

Lucene search

RedhatAnsible Tower3.5.0

3 matches found

CVE•added 2019/10/14 3:15 p.m.•236 views

CVE-2019-14858

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are process...

7.3CVSS5.4AI score0.00045EPSS

CVE•added 2019/12/19 9:15 p.m.•177 views

CVE-2019-19340

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could g...

8.2CVSS8.1AI score0.0041EPSS

CVE•added 2019/12/19 9:15 p.m.•159 views

CVE-2019-19342

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose wil...

5.3CVSS5.5AI score0.00198EPSS